<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>权限服务器keto | anyang的博客</title>
    <meta name="description" content="千里之行,始于足下">
    <meta name="generator" content="VuePress 1.3.1">
    <link rel="icon" href="/img/favicon.ico">
  <script charset="utf-8" src="/js/main.js"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.slim.min.js"></script>
  <script src="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.2/jquery.fancybox.min.js"></script>
  <link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.2/jquery.fancybox.min.css">
  <meta name="keywords" content="福小林,奔奔,ourLang,CentOS,JAVA,vue组件,lsdCloud">
  <script async="async" src="https://www.googletagmanager.com/gtag/js?id=UA-146891701-1"></script>
  <script>window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());
    
      gtag('config', 'UA-146891701-1');</script>
  <script>var _hmt = _hmt || [];
      (function() {
        var hm = document.createElement("script");
        hm.src = "https://hm.baidu.com/hm.js?56eae8eec590ccaef1d5ff99d766f315";
        var s = document.getElementsByTagName("script")[0]; 
        s.parentNode.insertBefore(hm, s);
      })();</script>
    
    <link rel="preload" href="/assets/css/0.styles.9fff9873.css" as="style"><link rel="preload" href="/assets/js/app.1bc80adb.js" as="script"><link rel="preload" href="/assets/js/2.7c0608ab.js" as="script"><link rel="preload" href="/assets/js/37.d8658de5.js" as="script"><link rel="prefetch" href="/assets/js/10.81caa2ab.js"><link rel="prefetch" href="/assets/js/100.05bb269d.js"><link rel="prefetch" href="/assets/js/101.3e18b4d6.js"><link rel="prefetch" href="/assets/js/102.c7d7ed9c.js"><link rel="prefetch" href="/assets/js/103.4c771ce7.js"><link rel="prefetch" href="/assets/js/104.a2acd367.js"><link rel="prefetch" href="/assets/js/105.63399350.js"><link rel="prefetch" href="/assets/js/106.8a4744cc.js"><link rel="prefetch" href="/assets/js/107.7739d796.js"><link rel="prefetch" href="/assets/js/108.8008ae33.js"><link rel="prefetch" href="/assets/js/109.01c63898.js"><link rel="prefetch" href="/assets/js/11.7b837560.js"><link rel="prefetch" href="/assets/js/110.ad01aca9.js"><link rel="prefetch" href="/assets/js/111.3d74db70.js"><link rel="prefetch" href="/assets/js/112.67f55c34.js"><link rel="prefetch" href="/assets/js/113.016cd3c0.js"><link rel="prefetch" href="/assets/js/114.860e4b2b.js"><link rel="prefetch" href="/assets/js/115.b2f26258.js"><link rel="prefetch" href="/assets/js/116.8bea67b4.js"><link rel="prefetch" href="/assets/js/117.20682843.js"><link rel="prefetch" href="/assets/js/118.86a22e16.js"><link rel="prefetch" href="/assets/js/119.ad518bea.js"><link rel="prefetch" href="/assets/js/12.8fd78714.js"><link rel="prefetch" href="/assets/js/120.f97dd86f.js"><link rel="prefetch" href="/assets/js/121.c5601b4a.js"><link rel="prefetch" href="/assets/js/122.2889645a.js"><link rel="prefetch" href="/assets/js/13.ebf26820.js"><link rel="prefetch" href="/assets/js/14.b92dca09.js"><link rel="prefetch" href="/assets/js/15.b3dcef45.js"><link rel="prefetch" href="/assets/js/16.50378990.js"><link rel="prefetch" href="/assets/js/17.056bba2b.js"><link rel="prefetch" href="/assets/js/18.9047bb38.js"><link rel="prefetch" href="/assets/js/19.ab53b0fe.js"><link rel="prefetch" href="/assets/js/20.fe0b8af0.js"><link rel="prefetch" href="/assets/js/21.20a702f3.js"><link rel="prefetch" href="/assets/js/22.0ee08d29.js"><link rel="prefetch" href="/assets/js/23.02039a9a.js"><link rel="prefetch" href="/assets/js/24.363d3d74.js"><link rel="prefetch" href="/assets/js/25.dd6b101e.js"><link rel="prefetch" href="/assets/js/26.20493714.js"><link rel="prefetch" href="/assets/js/27.708723e5.js"><link rel="prefetch" href="/assets/js/28.4561834a.js"><link rel="prefetch" href="/assets/js/29.15cfcf5f.js"><link rel="prefetch" href="/assets/js/3.8d39d40c.js"><link rel="prefetch" href="/assets/js/30.04ab69de.js"><link rel="prefetch" href="/assets/js/31.b11c4302.js"><link rel="prefetch" href="/assets/js/32.81ae74ee.js"><link rel="prefetch" href="/assets/js/33.ddf09cc0.js"><link rel="prefetch" href="/assets/js/34.bc3549f7.js"><link rel="prefetch" href="/assets/js/35.4a0e0ebd.js"><link rel="prefetch" href="/assets/js/36.961a1c50.js"><link rel="prefetch" href="/assets/js/38.f76063aa.js"><link rel="prefetch" href="/assets/js/39.73edd08f.js"><link rel="prefetch" href="/assets/js/4.916af9bf.js"><link rel="prefetch" href="/assets/js/40.72314bff.js"><link rel="prefetch" href="/assets/js/41.c5eb1147.js"><link rel="prefetch" href="/assets/js/42.07aeafbb.js"><link rel="prefetch" href="/assets/js/43.c4a652ba.js"><link rel="prefetch" href="/assets/js/44.91fbe22b.js"><link rel="prefetch" href="/assets/js/45.6eecf0c4.js"><link rel="prefetch" href="/assets/js/46.81b7f108.js"><link rel="prefetch" href="/assets/js/47.b4468ab3.js"><link rel="prefetch" href="/assets/js/48.df205f23.js"><link rel="prefetch" href="/assets/js/49.7df59fa3.js"><link rel="prefetch" href="/assets/js/5.4fcd540a.js"><link rel="prefetch" href="/assets/js/50.0dc2fc5b.js"><link rel="prefetch" href="/assets/js/51.1ffabe54.js"><link rel="prefetch" href="/assets/js/52.2269d284.js"><link rel="prefetch" href="/assets/js/53.81b23843.js"><link rel="prefetch" href="/assets/js/54.b3249def.js"><link rel="prefetch" href="/assets/js/55.50dcf2af.js"><link rel="prefetch" href="/assets/js/56.c399c272.js"><link rel="prefetch" href="/assets/js/57.024f1dbb.js"><link rel="prefetch" href="/assets/js/58.680c6cf4.js"><link rel="prefetch" href="/assets/js/59.2291e9d7.js"><link rel="prefetch" href="/assets/js/6.7610d1d4.js"><link rel="prefetch" href="/assets/js/60.e59a26c1.js"><link rel="prefetch" href="/assets/js/61.ff5c64e4.js"><link rel="prefetch" href="/assets/js/62.7d97062c.js"><link rel="prefetch" href="/assets/js/63.6456dc7e.js"><link rel="prefetch" href="/assets/js/64.0b055680.js"><link rel="prefetch" href="/assets/js/65.9f25601c.js"><link rel="prefetch" href="/assets/js/66.cd973084.js"><link rel="prefetch" href="/assets/js/67.9b8f9716.js"><link rel="prefetch" href="/assets/js/68.d6c1869a.js"><link rel="prefetch" href="/assets/js/69.0a3688dd.js"><link rel="prefetch" href="/assets/js/7.9ebbd956.js"><link rel="prefetch" href="/assets/js/70.22f48891.js"><link rel="prefetch" href="/assets/js/71.9eb4fda9.js"><link rel="prefetch" href="/assets/js/72.ca4fa80c.js"><link rel="prefetch" href="/assets/js/73.17d1ab37.js"><link rel="prefetch" href="/assets/js/74.139691db.js"><link rel="prefetch" href="/assets/js/75.08d0560f.js"><link rel="prefetch" href="/assets/js/76.61078c10.js"><link rel="prefetch" href="/assets/js/77.4482adcc.js"><link rel="prefetch" href="/assets/js/78.166f2c37.js"><link rel="prefetch" href="/assets/js/79.2c7d6b79.js"><link rel="prefetch" href="/assets/js/8.6f8916c2.js"><link rel="prefetch" href="/assets/js/80.80445c3f.js"><link rel="prefetch" href="/assets/js/81.14e3bae8.js"><link rel="prefetch" href="/assets/js/82.7dac687f.js"><link rel="prefetch" href="/assets/js/83.1dd2e78e.js"><link rel="prefetch" href="/assets/js/84.23b759de.js"><link rel="prefetch" href="/assets/js/85.7574f69f.js"><link rel="prefetch" href="/assets/js/86.102dac61.js"><link rel="prefetch" href="/assets/js/87.8f5d639e.js"><link rel="prefetch" href="/assets/js/88.e564cbbe.js"><link rel="prefetch" href="/assets/js/89.cd66eb78.js"><link rel="prefetch" href="/assets/js/9.baa162db.js"><link rel="prefetch" href="/assets/js/90.685c6878.js"><link rel="prefetch" href="/assets/js/91.b8d1b7ea.js"><link rel="prefetch" href="/assets/js/92.1faa374d.js"><link rel="prefetch" href="/assets/js/93.cf5ff33c.js"><link rel="prefetch" href="/assets/js/94.8a02aefb.js"><link rel="prefetch" href="/assets/js/95.1b379a5b.js"><link rel="prefetch" href="/assets/js/96.9fd67185.js"><link rel="prefetch" href="/assets/js/97.c5a6a5a1.js"><link rel="prefetch" href="/assets/js/98.9a231411.js"><link rel="prefetch" href="/assets/js/99.5b344cab.js">
    <link rel="stylesheet" href="/assets/css/0.styles.9fff9873.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><!----> <span class="site-name">anyang的博客</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/" class="nav-link">
  主页
</a></div><div class="nav-item"><a href="/study-guide/introduction.html" class="nav-link">
  学习指南
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="技术分类" class="dropdown-title"><span class="title">技术分类</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/java/introduction.html" class="nav-link">
  Java
</a></li><li class="dropdown-item"><!----> <a href="/go/introduction.html" class="nav-link">
  Go
</a></li><li class="dropdown-item"><!----> <a href="/sql/introduction.html" class="nav-link">
  SQL
</a></li><li class="dropdown-item"><!----> <a href="/fhir/introduction.html" class="nav-link">
  FHIR
</a></li></ul></div></div><div class="nav-item"><a href="/blog/introduction.html" class="nav-link">
  个人博客
</a></div><div class="nav-item"><a href="/tool/developmentBox.html" class="nav-link">
  开发百宝箱
</a></div><div class="nav-item"><a href="/project/introduction.html" class="nav-link">
  项目分享
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="了解更多" class="dropdown-title"><span class="title">了解更多</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="http://wpa.qq.com/msgrd?v=3&amp;uin=1300378587&amp;site=qq&amp;menu=yes" target="_blank" rel="noopener noreferrer" class="nav-link external">
  其他合作
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="http://www.lsdcloud.com/" target="_blank" rel="noopener noreferrer" class="nav-link external">
  友情网站
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://github.com/ourlang" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/anlexanyang" target="_blank" rel="noopener noreferrer" class="nav-link external">
  码云
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://blog.csdn.net/qq_37493556" target="_blank" rel="noopener noreferrer" class="nav-link external">
  CSDN
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li></ul></div></div><div class="nav-item"><a href="/linkExchanges/introduction.html" class="nav-link">
  友情链接
</a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/" class="nav-link">
  主页
</a></div><div class="nav-item"><a href="/study-guide/introduction.html" class="nav-link">
  学习指南
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="技术分类" class="dropdown-title"><span class="title">技术分类</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/java/introduction.html" class="nav-link">
  Java
</a></li><li class="dropdown-item"><!----> <a href="/go/introduction.html" class="nav-link">
  Go
</a></li><li class="dropdown-item"><!----> <a href="/sql/introduction.html" class="nav-link">
  SQL
</a></li><li class="dropdown-item"><!----> <a href="/fhir/introduction.html" class="nav-link">
  FHIR
</a></li></ul></div></div><div class="nav-item"><a href="/blog/introduction.html" class="nav-link">
  个人博客
</a></div><div class="nav-item"><a href="/tool/developmentBox.html" class="nav-link">
  开发百宝箱
</a></div><div class="nav-item"><a href="/project/introduction.html" class="nav-link">
  项目分享
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="了解更多" class="dropdown-title"><span class="title">了解更多</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="http://wpa.qq.com/msgrd?v=3&amp;uin=1300378587&amp;site=qq&amp;menu=yes" target="_blank" rel="noopener noreferrer" class="nav-link external">
  其他合作
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="http://www.lsdcloud.com/" target="_blank" rel="noopener noreferrer" class="nav-link external">
  友情网站
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://github.com/ourlang" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/anlexanyang" target="_blank" rel="noopener noreferrer" class="nav-link external">
  码云
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li><li class="dropdown-item"><!----> <a href="https://blog.csdn.net/qq_37493556" target="_blank" rel="noopener noreferrer" class="nav-link external">
  CSDN
  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></li></ul></div></div><div class="nav-item"><a href="/linkExchanges/introduction.html" class="nav-link">
  友情链接
</a></div> <!----></nav>  <ul class="sidebar-links"><li><a href="/blog/introduction.html" class="sidebar-link">博主介绍</a></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading open"><span>Go</span> <span class="arrow down"></span></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/blog/Go/11  需求规格说明书.html" class="sidebar-link">权限需求规格说明书</a></li><li><a href="/blog/Go/12  用户中心kratos.html" class="sidebar-link">用户中心kratos</a></li><li><a href="/blog/Go/13  权限服务器keto.html" class="active sidebar-link">权限服务器keto</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_1-代码下载" class="sidebar-link">1 代码下载</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_2-关键词介绍" class="sidebar-link">2 关键词介绍</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_2-1-rbac" class="sidebar-link">2.1 RBAC</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_2-1-abac" class="sidebar-link">2.1 ABAC</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_2-3-采坑bug修改" class="sidebar-link">2.3 采坑bug修改</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_3-项目运行" class="sidebar-link">3 项目运行</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_3-1-代码示例" class="sidebar-link">3.1 代码示例</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_3-2-启动服务" class="sidebar-link">3.2 启动服务</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_3-3-项目api" class="sidebar-link">3.3 项目API</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_3-4-主要是要用的访问策略" class="sidebar-link">3.4 主要是要用的访问策略</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-ory-access-control-policies" class="sidebar-link">4 ORY Access Control Policies</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-1-策略准备" class="sidebar-link">4.1 策略准备</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-2-json实例" class="sidebar-link">4.2 json实例</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-3-主要请求及其说明" class="sidebar-link">4.3 主要请求及其说明</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-4-检查请求是否允许通过" class="sidebar-link">4.4 检查请求是否允许通过</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_4-5-参数列表" class="sidebar-link">4.5 参数列表</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_5-访问控制策略操作" class="sidebar-link">5 访问控制策略操作</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_5-1-获取访问控制策略集合" class="sidebar-link">5.1 获取访问控制策略集合</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_5-2-更新访问控制策略" class="sidebar-link">5.2 更新访问控制策略</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_5-3-查询具体的策略" class="sidebar-link">5.3 查询具体的策略</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_5-4-删除访问控制策略" class="sidebar-link">5.4  删除访问控制策略</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-访问控制策略角色操作" class="sidebar-link">6 访问控制策略角色操作</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-1-查询寻访问控制角色集合" class="sidebar-link">6.1 查询寻访问控制角色集合</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-2-添加访问控制的角色" class="sidebar-link">6.2 添加访问控制的角色</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-3-获取访问控制角色信息" class="sidebar-link">6.3 获取访问控制角色信息</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-4-删除访问控制角色信息" class="sidebar-link">6.4 删除访问控制角色信息</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-5-为角色添加用户" class="sidebar-link">6.5 为角色添加用户</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_6-6从角色中删除某个用户成员" class="sidebar-link">6.6从角色中删除某个用户成员</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_7-健康检查" class="sidebar-link">7 健康检查</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_7-1-检查存活状态" class="sidebar-link">7.1 检查存活状态</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_7-2-检查准备就绪" class="sidebar-link">7.2 检查准备就绪</a></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_7-3-获取当前版本" class="sidebar-link">7.3 获取当前版本</a></li></ul></li><li class="sidebar-sub-header"><a href="/blog/Go/13  权限服务器keto.html#_8-测试样例" class="sidebar-link">8 测试样例</a></li></ul></li><li><a href="/blog/Go/14  Hydra项目介绍.html" class="sidebar-link">Hydra项目介绍</a></li></ul></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>Java</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>CentOS</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>数据库</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>正则表达式</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>版本控制器</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>ElasticSearch</span> <span class="arrow right"></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>Spring Cloud Alibaba</span> <span class="arrow right"></span></p> <!----></section></li></ul> </aside> <main class="page"> <div class="theme-default-content content__default"><h1 id="权限服务器keto"><a href="#权限服务器keto" class="header-anchor">#</a> 权限服务器keto</h1> <div class="custom-block danger"><p class="custom-block-title">keto介绍</p> <p>ORY Keto是一种权限服务器，它实现最佳实践访问控制机制：</p> <ul><li>今天可用：具有精确，全局和正则表达式匹配策略的ORY风格的访问控制策略</li> <li>即将推出：</li> <li>访问控制列表</li> <li>基于角色的访问控制</li> <li>具有上下文的基于角色的访问控制（Google / Kubernetes风格）</li> <li>Amazon Web Services身份和访问管理策略（AWS IAM策略）</li> <li>每种机制都由在开放策略代理之上实现的决策引擎提供动力,并提供定义明确的管理和授权端点</li></ul></div> <h2 id="_1-代码下载"><a href="#_1-代码下载" class="header-anchor">#</a> 1 代码下载</h2> <p><a href="https://github.com/ory/keto" target="_blank" rel="noopener noreferrer">keto源码地址下载<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></p> <p><a href="https://www.ory.sh/?utm_source=github&amp;utm_medium=banner&amp;utm_campaign=keto" target="_blank" rel="noopener noreferrer">官方文档简单说明<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></p> <div class="custom-block tip"><p class="custom-block-title">解压说明</p> <p><strong>把下载的源码解压后放在本地<code>%GOPATH%/src</code>目录下</strong></p> <p><strong>注:GOPATH为项目的运行时的工作空间位置,GOPATH其中包含三个子目录如下</strong></p> <ul><li>src 目录包含Go的源文件，它们被组织成包（每个目录都对应一个包）</li> <li>pkg 目录包含包对象</li> <li>bin 目录包含可执行命令</li></ul></div> <p><a data-fancybox="" title="keto存放位置" href="/img/goImage/keto1.png"><img src="/img/goImage/keto1.png" alt="keto存放位置"></a></p> <h2 id="_2-关键词介绍"><a href="#_2-关键词介绍" class="header-anchor">#</a> 2 关键词介绍</h2> <h3 id="_2-1-rbac"><a href="#_2-1-rbac" class="header-anchor">#</a> 2.1 RBAC</h3> <div class="custom-block tip"><p class="custom-block-title">RBAC介绍</p> <p>​RBAC是基于角色的访问控制（<code>Role-Based Access Control</code> ）在 RBAC  中，权限与角色相关联，用户通过成为适当角色的成员而得到这些角色的权限。这就极大地简化了权限的管理。这样管理都是层级相互依赖的，权限赋予给角色，而把角色又赋予用户，这样的权限设计很清楚，管理起来很方便。
。RBAC  认为授权实际上是<code>Who</code> 、<code>What</code> 、<code>How</code> 三元组之间的关系，也就是<code>Who</code> 对<code>What</code> 进行<code>How</code> 的操作，也就是“主体”对“客体”的操作。
然后 RBAC  又分为<code>RBAC0、RBAC1、RBAC2、RBAC3</code> ，如果你不知道他们有什么区别，你可以百度百科：<a href="http://baike.baidu.com/link?url=Tg3nxejvD2QVLLkjKa_4XaQoOWSPAVpR1FgHAG_gANcamtN2cYIm1r1irNw9VZ816FBrMEvdoYqwzixqdHd5e_" target="_blank" rel="noopener noreferrer">百度百科-RBAC<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a> ,也可以看看我的介绍。</p> <ul><li><code>Who</code>：是权限的拥有者或主体（如：User，Role）。</li> <li><code>What</code>：是操作或对象（operation，object）。</li> <li><code>How</code>：具体的权限（Privilege,正向授权与负向授权）。</li></ul></div> <h3 id="_2-1-abac"><a href="#_2-1-abac" class="header-anchor">#</a> 2.1 ABAC</h3> <div class="custom-block tip"><p class="custom-block-title">ABAC介绍</p> <p>ABAC（Attribute Base Access Control） 基于属性的权限控制，不同于常见的将用户通过某种方式关联到权限的方式，ABAC则是通过动态计算一个或一组属性来是否满足某种条件来进行授权判断（可以编写简单的逻辑）。属性通常来说分为四类：用户属性（如用户年龄），环境属性（如当前时间），操作属性（如读取）和对象属性（如一篇文章，又称资源属性），所以理论上能够实现非常灵活的权限控制，几乎能满足所有类型的需求。
访问控制列表(**ACL **)是一种基于包过滤的<a href="https://baike.baidu.com/item/%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%8A%80%E6%9C%AF/5652430" target="_blank" rel="noopener noreferrer">访问控制技术<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a>，它可以根据设定的条件对接口上的数据包进行过滤，允许其通过或丢弃。访问控制列表被广泛地应用于<a href="https://baike.baidu.com/item/%E8%B7%AF%E7%94%B1%E5%99%A8/108294" target="_blank" rel="noopener noreferrer">路由器<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a>和三层<a href="https://baike.baidu.com/item/%E4%BA%A4%E6%8D%A2%E6%9C%BA/103532" target="_blank" rel="noopener noreferrer">交换机<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a>，借助于访问控制列表，可以有效地控制用户对网络的访问，从而最大程度地保障网络安全。</p></div> <h3 id="_2-3-采坑bug修改"><a href="#_2-3-采坑bug修改" class="header-anchor">#</a> 2.3 采坑bug修改</h3> <p><a data-fancybox="" title="bug" href="/img/goImage/bug1.png"><img src="/img/goImage/bug1.png" alt="bug"></a></p> <p>将url.go 中的
<a data-fancybox="" title="bug1xxiu" href="/img/goImage/bug1xxiu.png"><img src="/img/goImage/bug1xxiu.png" alt="bug1xxiu"></a></p> <p>修改为
<a data-fancybox="" title="bug1xiu" href="/img/goImage/bug1xiu.png"><img src="/img/goImage/bug1xiu.png" alt="bug1xiu"></a></p> <p>这个问题存在是由于应用源码对字符串的解析问题，可以不写端口，采用默认的端口</p> <h2 id="_3-项目运行"><a href="#_3-项目运行" class="header-anchor">#</a> 3 项目运行</h2> <blockquote><p>官方代码下载后编译成keto.exe执行，直接执行指挥出现提示页面</p></blockquote> <h3 id="_3-1-代码示例"><a href="#_3-1-代码示例" class="header-anchor">#</a> 3.1 代码示例</h3> <div class="language-yaml line-numbers-mode"><pre class="language-yaml"><code><span class="token key atrule">dsn</span><span class="token punctuation">:</span> mysql<span class="token punctuation">:</span>//root<span class="token punctuation">:</span>minda123@tcp(127.0.0.1)/keto<span class="token punctuation">?</span>parseTime=true<span class="token important">&amp;multiStatements</span>=true 
<span class="token comment"># 这里如果用默认端口就不要加端口号：3306</span>

<span class="token key atrule">secrets</span><span class="token punctuation">:</span>
  <span class="token key atrule">system</span><span class="token punctuation">:</span>
    <span class="token punctuation">-</span> admin1
    <span class="token punctuation">-</span> admin2
    <span class="token punctuation">-</span> admin3
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><div class="language-go line-numbers-mode"><pre class="language-go"><code><span class="token operator">&gt;</span>keto<span class="token punctuation">.</span>exe <span class="token operator">--</span>config F<span class="token punctuation">:</span><span class="token operator">/</span>awesomeProject<span class="token operator">/</span>bin<span class="token operator">/</span>config<span class="token punctuation">.</span>yaml migrate sql <span class="token operator">-</span>e
      
time<span class="token operator">=</span><span class="token string">&quot;2019-12-25T16:27:28+08:00&quot;</span> level<span class="token operator">=</span>info msg<span class="token operator">=</span><span class="token string">&quot;Connecting with mysql://*:*@tcp(127.0.0.1)/keto?multiStatements=true&quot;</span>
time<span class="token operator">=</span><span class="token string">&quot;2019-12-25T16:27:28+08:00&quot;</span> level<span class="token operator">=</span>info msg<span class="token operator">=</span><span class="token string">&quot;Connected to SQL!&quot;</span>
time<span class="token operator">=</span><span class="token string">&quot;2019-12-25T16:27:28+08:00&quot;</span> level<span class="token operator">=</span>info msg<span class="token operator">=</span><span class="token string">&quot;Applying storage SQL migrations...&quot;</span>
time<span class="token operator">=</span><span class="token string">&quot;2019-12-25T16:27:28+08:00&quot;</span> level<span class="token operator">=</span>info msg<span class="token operator">=</span><span class="token string">&quot;Successfully applied SQL migrations&quot;</span> applied_migrations<span class="token operator">=</span><span class="token number">1</span> migration<span class="token operator">=</span>name
time<span class="token operator">=</span><span class="token string">&quot;2019-12-25T16:27:28+08:00&quot;</span> level<span class="token operator">=</span>info msg<span class="token operator">=</span><span class="token string">&quot;Done applying storage SQL migrations&quot;</span>

</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br></div></div><h3 id="_3-2-启动服务"><a href="#_3-2-启动服务" class="header-anchor">#</a> 3.2 启动服务</h3> <div class="language-go line-numbers-mode"><pre class="language-go"><code>serve <span class="token operator">--</span>config F<span class="token punctuation">:</span><span class="token operator">/</span>awesomeProject<span class="token operator">/</span>bin<span class="token operator">/</span>config<span class="token punctuation">.</span>yaml
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h3 id="_3-3-项目api"><a href="#_3-3-项目api" class="header-anchor">#</a> 3.3 项目API</h3> <p><a href="/go/middleware/go-swagger.html" style="display:block;margin-block-start:1em;margin-block-end:1em;margin-inline-start:0px;margin-inline-end:0px;"><strong>swagger安装教程</strong></a></p> <blockquote><p>进入项目根目录，启动swagger服务</p></blockquote> <div class="language-go line-numbers-mode"><pre class="language-go"><code>swagger serve <span class="token operator">-</span>F<span class="token operator">=</span>swagger F<span class="token punctuation">:</span>\awesomeProject\src\github<span class="token punctuation">.</span>com\ory\keto\docs\api<span class="token punctuation">.</span>swagger<span class="token punctuation">.</span>json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><strong>运行成功后会提示服务运行在的地址，点击进入即可看到如下页面：</strong> <a data-fancybox="" title="canvas" href="/img/goImage/canvas.png"><img src="/img/goImage/canvas.png" alt="canvas"></a></p> <h3 id="_3-4-主要是要用的访问策略"><a href="#_3-4-主要是要用的访问策略" class="header-anchor">#</a> 3.4 主要是要用的访问策略</h3> <h4 id="acl："><a href="#acl：" class="header-anchor">#</a> ACL：</h4> <p>访问控制列表</p> <table><thead><tr><th></th> <th>blog_post.create</th> <th>blog_post.delete</th> <th>blog_post.modify</th> <th>blog_post.read</th></tr></thead> <tbody><tr><td>Alice</td> <td>yes</td> <td>yes</td> <td>yes</td> <td>yes</td></tr> <tr><td>Bob</td> <td>no</td> <td>no</td> <td>no</td> <td>yes</td></tr> <tr><td>Peter</td> <td>yes</td> <td>no</td> <td>yes</td> <td>yes</td></tr></tbody></table> <h4 id="rbac："><a href="#rbac：" class="header-anchor">#</a> RBAC：</h4> <p><img src="https://d33wubrfki0l68.cloudfront.net/bedd59da2bde604df342c288215d5646909dd06d/32c0e/images/docs/keto/rbac.png" alt="RBAC"></p> <h2 id="_4-ory-access-control-policies"><a href="#_4-ory-access-control-policies" class="header-anchor">#</a> 4 ORY Access Control Policies</h2> <h3 id="_4-1-策略准备"><a href="#_4-1-策略准备" class="header-anchor">#</a> 4.1 策略准备</h3> <blockquote><p>put请求：http://127.0.0.1:4444//engines/acp/ory/glob/policies</p></blockquote> <div class="language-json line-numbers-mode"><pre class="language-json"><code><span class="token punctuation">{</span>
  <span class="token property">&quot;subjects&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;alice&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;resources&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;blog_posts:my-first-blog-post&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;actions&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;delete&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;effect&quot;</span><span class="token operator">:</span> <span class="token string">&quot;allow&quot;</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p>同样：</p> <div class="language-json line-numbers-mode"><pre class="language-json"><code><span class="token punctuation">{</span>
  <span class="token property">&quot;subjects&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;alice&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;bob&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;resources&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span>
    <span class="token string">&quot;blog_posts:my-first-blog-post&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;blog_posts:2&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;blog_posts:3&quot;</span>
  <span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;actions&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;delete&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;create&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;read&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;modify&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;effect&quot;</span><span class="token operator">:</span> <span class="token string">&quot;allow&quot;</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><p>会在数据库生成新的记录</p> <div class="language-json line-numbers-mode"><pre class="language-json"><code><span class="token punctuation">{</span>
  <span class="token property">&quot;subjects&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;peter&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;resources&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span>
    <span class="token string">&quot;blog_posts:my-first-blog-post&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;blog_posts:2&quot;</span><span class="token punctuation">,</span>
    <span class="token string">&quot;blog_posts:3&quot;</span>
  <span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;actions&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;delete&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;create&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;read&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;modify&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;effect&quot;</span><span class="token operator">:</span> <span class="token string">&quot;deny&quot;</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div><p>The <code>:</code> is a delimiter in ORY Access Control Policies. Other supported syntax
is:</p> <p><strong>single symbol wildcard:</strong> <code>?at</code> matches <code>cat</code> and <code>bat</code> but not <code>at</code> <strong>wildcard:</strong> <code>foo:*:bar</code> matches <code>foo:baz:bar</code> and <code>foo:zab:bar</code> but not
<code>foo:bar</code> nor <code>foo:baz:baz:bar</code> <strong>super wildcard:</strong> <code>foo:**:bar</code> matches <code>foo:baz:baz:bar</code>, <code>foo:baz:bar</code>, and
<code>foo:bar</code>, but not <code>foobar</code> or <code>foo:baz</code> <strong>character list:</strong> <code>[cb]at</code> matches <code>cat</code> and <code>bat</code> but not <code>mat</code> nor <code>at</code>.
<strong>negated character list:</strong> <code>[!cb]at</code> matches <code>tat</code> and <code>mat</code> but not <code>cat</code>
nor <code>bat</code>.
<strong>ranged character list:</strong> <code>[a-c]at</code> <code>cat</code> and <code>bat</code> but not <code>mat</code> nor <code>at</code>.
<strong>negated ranged character list:</strong> <code>[!a-c]at</code> matches <code>mat</code> and <code>tat</code> but not
<code>cat</code> nor <code>bat</code>.
<strong>alternatives list:</strong> <code>{cat,bat,[mt]at}</code> matches <code>cat</code>, <code>bat</code>, <code>mat</code>, <code>tat</code>
and nothing else.
<strong>backslash:</strong> <code>foo\\bar</code> matches <code>foo\bar</code> and nothing else. <code>foo\bar</code>
matches <code>foobar</code> and nothing else. <code>foo\*bar</code> matches <code>foo*bar</code> and nothing
else. Please note that when using JSON you need to double escape backslashes:
<code>foo\\bar</code> becomes <code>{&quot;...&quot;: &quot;foo\\\\bar&quot;}</code>.</p> <p>The pattern syntax is:</p> <div class="language-json line-numbers-mode"><pre class="language-json"><code>  pattern<span class="token operator">:</span>

      <span class="token punctuation">{</span> term <span class="token punctuation">}</span>

  term<span class="token operator">:</span>

      *         matches any sequence of non-separator characters

      **        matches any sequence of characters

      ?         matches any single non-separator character

      <span class="token punctuation">[</span> <span class="token punctuation">[</span> ! <span class="token punctuation">]</span> <span class="token punctuation">{</span> character-range <span class="token punctuation">}</span> <span class="token punctuation">]</span>

                  character class (must be non-empty)

      <span class="token punctuation">{</span> pattern-list <span class="token punctuation">}</span>

                  pattern alternatives

      c           matches character c (c != *<span class="token punctuation">,</span> **<span class="token punctuation">,</span> ?<span class="token punctuation">,</span> \<span class="token punctuation">,</span> <span class="token punctuation">[</span><span class="token punctuation">,</span> <span class="token punctuation">{</span><span class="token punctuation">,</span> <span class="token punctuation">}</span>)

      \ c       matches character c

  character-range<span class="token operator">:</span>

      c           matches character c (c != \\<span class="token punctuation">,</span> -<span class="token punctuation">,</span> <span class="token punctuation">]</span>)

      \ c       matches character c

      lo - hi   matches character c for lo &lt;= c &lt;= hi

  pattern-list<span class="token operator">:</span>

      pattern <span class="token punctuation">{</span> <span class="token punctuation">,</span> pattern <span class="token punctuation">}</span>

                  comma-separated (without spaces) pattern

</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br></div></div><h3 id="_4-2-json实例"><a href="#_4-2-json实例" class="header-anchor">#</a> 4.2 json实例</h3> <div class="language-json line-numbers-mode"><pre class="language-json"><code><span class="token punctuation">{</span>
  <span class="token property">&quot;description&quot;</span><span class="token operator">:</span> <span class="token string">&quot;One policy to rule them all.&quot;</span><span class="token punctuation">,</span>
  <span class="token property">&quot;subjects&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;users:maria:*&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;actions&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;delete&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;create&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;update&quot;</span><span class="token punctuation">,</span><span class="token string">&quot;modify&quot;</span><span class="token punctuation">,</span><span class="token string">&quot;get&quot;</span><span class="token punctuation">,</span><span class="token string">&quot;read&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;effect&quot;</span><span class="token operator">:</span> <span class="token string">&quot;allow&quot;</span><span class="token punctuation">,</span>
  <span class="token property">&quot;resources&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token string">&quot;resources:articles:&lt;.*&gt;&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
  <span class="token property">&quot;conditions&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
    <span class="token property">&quot;someKeyName&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
      <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;StringMatchCondition&quot;</span><span class="token punctuation">,</span>
      <span class="token property">&quot;options&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
        <span class="token property">&quot;matches&quot;</span><span class="token operator">:</span> <span class="token string">&quot;foo.+&quot;</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span><span class="token punctuation">,</span>
    <span class="token property">&quot;someKey&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
      <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;StringPairsEqualCondition&quot;</span><span class="token punctuation">,</span>
      <span class="token property">&quot;options&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span><span class="token punctuation">}</span>
    <span class="token punctuation">}</span><span class="token punctuation">,</span> 
    <span class="token property">&quot;myKey&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
      <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;StringEqualCondition&quot;</span><span class="token punctuation">,</span>
      <span class="token property">&quot;options&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
        <span class="token property">&quot;equals&quot;</span><span class="token operator">:</span> <span class="token string">&quot;expected-value&quot;</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span><span class="token punctuation">,</span>      
    <span class="token property">&quot;remoteIPAddress&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
      <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;CIDRCondition&quot;</span><span class="token punctuation">,</span>
      <span class="token property">&quot;options&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
        <span class="token property">&quot;cidr&quot;</span><span class="token operator">:</span> <span class="token string">&quot;192.168.0.0/16&quot;</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span><span class="token punctuation">,</span>
    <span class="token property">&quot;this-key-will-be-matched-with-the-context&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
      <span class="token property">&quot;type&quot;</span><span class="token operator">:</span> <span class="token string">&quot;SomeConditionType&quot;</span><span class="token punctuation">,</span>
      <span class="token property">&quot;options&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
        <span class="token property">&quot;some&quot;</span><span class="token operator">:</span> <span class="token string">&quot;configuration options set by the condition type&quot;</span>
      <span class="token punctuation">}</span>
    <span class="token punctuation">}</span>
  <span class="token punctuation">}</span><span class="token punctuation">,</span>
   <span class="token property">&quot;context&quot;</span><span class="token operator">:</span> <span class="token punctuation">{</span>
    <span class="token property">&quot;someKey&quot;</span><span class="token operator">:</span> <span class="token punctuation">[</span><span class="token punctuation">[</span><span class="token string">&quot;foo&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;foo&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span> <span class="token punctuation">[</span><span class="token string">&quot;bar&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;bar&quot;</span><span class="token punctuation">]</span><span class="token punctuation">]</span>
  <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br><span class="line-number">39</span><br><span class="line-number">40</span><br></div></div><h3 id="_4-3-主要请求及其说明"><a href="#_4-3-主要请求及其说明" class="header-anchor">#</a> 4.3 主要请求及其说明</h3> <h4 id="参数说明"><a href="#参数说明" class="header-anchor">#</a> 参数说明</h4> <h4 id="响应参数说明"><a href="#响应参数说明" class="header-anchor">#</a> 响应参数说明</h4> <table><thead><tr><th>Name</th> <th>Type</th> <th>Required</th> <th>Restrictions</th> <th>Description</th></tr></thead> <tbody><tr><td>code</td> <td>integer(int64)</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>details</td> <td>[object]</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>additionalProperties</td> <td>object</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>message</td> <td>string</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>reason</td> <td>string</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>request</td> <td>string</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>status</td> <td>string</td> <td>false</td> <td>none</td> <td>none</td></tr></tbody></table> <h4 id="请求参数说明"><a href="#请求参数说明" class="header-anchor">#</a> 请求参数说明</h4> <table><thead><tr><th>Parameter</th> <th>In</th> <th style="text-align:left;">Type</th> <th style="text-align:left;">Required</th> <th>Description</th></tr></thead> <tbody><tr><td>flavor</td> <td>path</td> <td style="text-align:left;">string</td> <td style="text-align:left;">true</td> <td>The ORY Access Control Policy flavor. Can be &quot;regex&quot;, &quot;glob&quot;, and &quot;exact&quot;.</td></tr></tbody></table> <h3 id="_4-4-检查请求是否允许通过"><a href="#_4-4-检查请求是否允许通过" class="header-anchor">#</a> 4.4 检查请求是否允许通过</h3> <p>请求头</p> <div class="language-html line-numbers-mode"><pre class="language-html"><code>POST /engines/acp/ory/{flavor}/allowed HTTP/1.1

Content-Type: application/json

Accept: application/json

</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><p>body</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>{
  &quot;action&quot;: &quot;string&quot;,
  &quot;context&quot;: {
    &quot;property1&quot;: {},
    &quot;property2&quot;: {}
  },
  &quot;resource&quot;: &quot;string&quot;,
  &quot;subject&quot;: &quot;string&quot;
}
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br></div></div><h3 id="_4-5-参数列表"><a href="#_4-5-参数列表" class="header-anchor">#</a> 4.5 参数列表</h3> <p>OryAccessControlPolicyAllowedInput*</p> <table><thead><tr><th>Name</th> <th>Type</th> <th>Required</th> <th>Restrictions</th> <th>Description</th></tr></thead> <tbody><tr><td>action</td> <td>string</td> <td>false</td> <td>none</td> <td>Action is the action that is requested on the resource.</td></tr> <tr><td>context</td> <td>object</td> <td>false</td> <td>none</td> <td>Context is the request's environmental context.</td></tr> <tr><td><strong>additionalProperties</strong></td> <td>object</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>resource</td> <td>string</td> <td>false</td> <td>none</td> <td>Resource is the resource that access is requested to.</td></tr> <tr><td>subject</td> <td>string</td> <td>false</td> <td>none</td> <td>Subject is the subject that is requesting access.</td></tr></tbody></table> <p>response</p> <p><code>{&quot;allowed&quot;:&quot;true&quot;}</code>  or <code>{&quot;allowed&quot;:&quot;false&quot;}</code></p> <h2 id="_5-访问控制策略操作"><a href="#_5-访问控制策略操作" class="header-anchor">#</a> 5 访问控制策略操作</h2> <h3 id="_5-1-获取访问控制策略集合"><a href="#_5-1-获取访问控制策略集合" class="header-anchor">#</a> 5.1 获取访问控制策略集合</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /engines/acp/ory/{flavor}/policies HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>参数列表</p> <table><thead><tr><th>Parameter</th> <th>In</th> <th>Type</th> <th>Required</th> <th>Description</th></tr></thead> <tbody><tr><td>flavor</td> <td>path</td> <td>string</td> <td>true</td> <td>The ORY Access Control Policy flavor. Can be &quot;regex&quot;, &quot;glob&quot;, and &quot;exact&quot;</td></tr> <tr><td>limit</td> <td>query</td> <td>integer(int64)</td> <td>false</td> <td>The maximum amount of policies returned.</td></tr> <tr><td>offset</td> <td>query</td> <td>integer(int64)</td> <td>false</td> <td>The offset from where to start looking.</td></tr> <tr><td>subject</td> <td>query</td> <td>string</td> <td>false</td> <td>The subject for whom the policies are to be listed.</td></tr> <tr><td>resource</td> <td>query</td> <td>string</td> <td>false</td> <td>The resource for which the policies are to be listed.</td></tr> <tr><td>action</td> <td>query</td> <td>string</td> <td>false</td> <td>The action for which policies are to be listed.</td></tr></tbody></table> <h3 id="_5-2-更新访问控制策略"><a href="#_5-2-更新访问控制策略" class="header-anchor">#</a> 5.2 更新访问控制策略</h3> <div class="language-go line-numbers-mode"><pre class="language-go"><code>PUT <span class="token operator">/</span>engines<span class="token operator">/</span>acp<span class="token operator">/</span>ory<span class="token operator">/</span><span class="token punctuation">{</span>flavor<span class="token punctuation">}</span><span class="token operator">/</span>policies HTTP<span class="token operator">/</span><span class="token number">1.1</span>
Content<span class="token operator">-</span>Type<span class="token punctuation">:</span> application<span class="token operator">/</span>json
Accept<span class="token punctuation">:</span> application<span class="token operator">/</span>json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><p>参数列表</p> <table><thead><tr><th>Parameter</th> <th>Type</th> <th>Required</th> <th><strong>Restrictions</strong></th> <th>Description</th></tr></thead> <tbody><tr><td>actions</td> <td>[string]</td> <td>false</td> <td>none</td> <td>Actions is an array representing all the actions this ORY Access Policy applies to.</td></tr> <tr><td>conditions</td> <td>object</td> <td>false</td> <td>none</td> <td>Conditions represents a keyed object of conditions under which this ORY Access Policy is active.</td></tr> <tr><td><strong>additionalProperties</strong></td> <td>object</td> <td>false</td> <td>none</td> <td>none</td></tr> <tr><td>description</td> <td>string</td> <td>false</td> <td>none</td> <td>Description is an optional, human-readable description.</td></tr> <tr><td>effect</td> <td>string</td> <td>false</td> <td>none</td> <td>Effect is the effect of this ORY Access Policy. It can be &quot;allow&quot; or &quot;deny&quot;.</td></tr> <tr><td>id</td> <td>string</td> <td>false</td> <td>none</td> <td>访问策略的唯一标识，用来查询，更新和删除</td></tr> <tr><td>resources</td> <td>[string]</td> <td>false</td> <td>none</td> <td>Resources is an array representing all the resources this ORY Access Policy applies to.</td></tr> <tr><td>subjects</td> <td>[string]</td> <td>false</td> <td>none</td> <td>Subjects is an array representing all the subjects this ORY Access Policy applies to.</td></tr></tbody></table> <h3 id="_5-3-查询具体的策略"><a href="#_5-3-查询具体的策略" class="header-anchor">#</a> 5.3 查询具体的策略</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /engines/acp/ory/{flavor}/policies/{id} HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h3 id="_5-4-删除访问控制策略"><a href="#_5-4-删除访问控制策略" class="header-anchor">#</a> 5.4  删除访问控制策略</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>DELETE /engines/acp/ory/{flavor}/policies/{id} HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h2 id="_6-访问控制策略角色操作"><a href="#_6-访问控制策略角色操作" class="header-anchor">#</a> 6 访问控制策略角色操作</h2> <h3 id="_6-1-查询寻访问控制角色集合"><a href="#_6-1-查询寻访问控制角色集合" class="header-anchor">#</a> 6.1 查询寻访问控制角色集合</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /engines/acp/ory/{flavor}/roles HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>参数说明：</p> <table><thead><tr><th>Parameter</th> <th>In</th> <th>Type</th> <th>Required</th> <th>Description</th></tr></thead> <tbody><tr><td>flavor</td> <td>path</td> <td>string</td> <td>true</td> <td>The ORY Access Control Policy flavor. Can be &quot;regex&quot;, &quot;glob&quot;, and &quot;exact&quot;</td></tr> <tr><td>limit</td> <td>query</td> <td>integer(int64)</td> <td>false</td> <td>The maximum amount of policies returned.</td></tr> <tr><td>offset</td> <td>query</td> <td>integer(int64)</td> <td>false</td> <td>The offset from where to start looking.</td></tr> <tr><td>member</td> <td>query</td> <td>string</td> <td>false</td> <td>The member for which the roles are to be listed.</td></tr></tbody></table> <h3 id="_6-2-添加访问控制的角色"><a href="#_6-2-添加访问控制的角色" class="header-anchor">#</a> 6.2 添加访问控制的角色</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>PUT /engines/acp/ory/{flavor}/roles HTTP/1.1
Content-Type: application/json
Accept: application/json

</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p>例子：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>{
  &quot;id&quot;: &quot;string&quot;,
  &quot;members&quot;: [&quot;string&quot;]
}
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><p>参数列表</p> <table><thead><tr><th>Parameter</th> <th>Type</th> <th>Required</th> <th>Description</th></tr></thead> <tbody><tr><td>id</td> <td>string</td> <td>false</td> <td>ID is the role's unique id.</td></tr> <tr><td>members</td> <td>[string]</td> <td>false</td> <td>Members is who belongs to the role.</td></tr></tbody></table> <h3 id="_6-3-获取访问控制角色信息"><a href="#_6-3-获取访问控制角色信息" class="header-anchor">#</a> 6.3 获取访问控制角色信息</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /engines/acp/ory/{flavor}/roles/{id} HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h3 id="_6-4-删除访问控制角色信息"><a href="#_6-4-删除访问控制角色信息" class="header-anchor">#</a> 6.4 删除访问控制角色信息</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>DELETE  /engines/acp/ory/{flavor}/roles/{id} HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h3 id="_6-5-为角色添加用户"><a href="#_6-5-为角色添加用户" class="header-anchor">#</a> 6.5 为角色添加用户</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>PUT /engines/acp/ory/{flavor}/roles/{id}/members HTTP/1.1 Content-Type: application/json Accept: application/json

请求体：
{
  &quot;members&quot;: [&quot;string&quot;]
}
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><h3 id="_6-6从角色中删除某个用户成员"><a href="#_6-6从角色中删除某个用户成员" class="header-anchor">#</a> 6.6从角色中删除某个用户成员</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>DELETE /engines/acp/ory/{flavor}/roles/{id}/members/{member} HTTP/1.1 Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="_7-健康检查"><a href="#_7-健康检查" class="header-anchor">#</a> 7 健康检查</h2> <h3 id="_7-1-检查存活状态"><a href="#_7-1-检查存活状态" class="header-anchor">#</a> 7.1 检查存活状态</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /health/alive HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>结果：（官方说明总是ok）</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>{  &quot;status&quot;: &quot;ok&quot; }
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h3 id="_7-2-检查准备就绪"><a href="#_7-2-检查准备就绪" class="header-anchor">#</a> 7.2 检查准备就绪</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /health/ready HTTP/1.1
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h3 id="_7-3-获取当前版本"><a href="#_7-3-获取当前版本" class="header-anchor">#</a> 7.3 获取当前版本</h3> <div class="language- line-numbers-mode"><pre class="language-text"><code>GET /version HTTP/1.1 
Accept: application/json
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h2 id="_8-测试样例"><a href="#_8-测试样例" class="header-anchor">#</a> 8 测试样例</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>put   http://127.0.0.1:4444/engines/acp/ory/glob/policies

{
  &quot;actions&quot;: [&quot;get&quot;,&quot;create&quot;,&quot;modify&quot;,&quot;delete&quot;],
  &quot;conditions&quot;: {
    &quot;optionAccess&quot;: {
    	&quot;type&quot;: &quot;CIDRCondition&quot;,
    	&quot;options&quot;: {
        &quot;cidr&quot;: &quot;192.168.0.0/16&quot;
      }
    }
  },
  &quot;description&quot;: &quot;test q&quot;,
  &quot;effect&quot;: &quot;allow&quot;,
  &quot;id&quot;: &quot;string&quot;,
  &quot;resources&quot;: [ 
  	&quot;blog_posts:my-first-blog-post&quot;,
    &quot;blog_posts:2&quot;,
    &quot;blog_posts:3&quot;],
  &quot;subjects&quot;: [&quot;admin&quot;,&quot;admin1&quot;,&quot;admin2&quot;]
}
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br></div></div></div> <footer class="page-edit"><!----> <!----></footer> <div class="page-nav"><p class="inner"><span class="prev">
      ←
      <a href="/blog/Go/12  用户中心kratos.html" class="prev">
        用户中心kratos
      </a></span> <span class="next"><a href="/blog/Go/14  Hydra项目介绍.html">
        Hydra项目介绍
      </a>
      →
    </span></p></div> </main></div><div class="global-ui"><!----></div></div>
    <script src="/assets/js/app.1bc80adb.js" defer></script><script src="/assets/js/2.7c0608ab.js" defer></script><script src="/assets/js/37.d8658de5.js" defer></script>
  </body>
</html>
